Comcare thinks it's above the law. Egregious assaults on our privacy rights, lawbreaking!
Comcare doesn’t seem to have gotten the memo that in Australia, the people in this country have a right to privacy.
At the Federal level, which is the level Comcare operates at, the right to privacy is provided to us by the Privacy Act 1988, and the Australian Privacy Principles (APPs) which are scheduled within the Privacy Act 1988.
Comcare has been committing numerous breaches of the APPs, however, for the sake of brevity, I am going to focus on one specific APP that I will demonstrate Comcare is breaching.
Australian Privacy Principle 3 — collection of solicited personal information (APP 3)
APP 3 restricts Comcare, being an APP entity, from collecting sensitive information about us without our consent. Any health information is sensitive information as defined within the APPs.
APP 3 does provide subclause 3.4 which lists a number of exemptions that allow an agency like Comcare to collect information contrary to subclause 3.3. In saying that, none of the conditions for exemption apply to Comcare.
Comcare have stated that they are relying on the exemption provided in APP 3 subclause 3.4(a) as a means to collect our medical information behind our back, without our knowledge or consent.
Comcare claims that it is authorised to collect our sensitive information because APP 3 3.4(a) states that anyone with authority to collect our information may do so.
Comcare asserts that by way of section 70 of the Safety, rehabilitation and Compensation Act 1988 (SRC Act), Comcare can do anything “necessary or convenient” when performing its functions as defined within the SRC Act.
Comcare has specifically stated the following to me:
As we can see above, Comcare’s assertion is that because the SRC Act allows them to do anything “necessary or convenient”, that allows Comcare to decide that it is necessary or convenient to invade our privacy. That doesn’t sound right, does it? I mean think about it, as a human being capable of applying logic and reason into your thought process, how can it be said to be reasonable for the government to provide us with privacy rights (APPs), but then the government can abrogate (waive) those rights as soon as they become inconvenient to the government? This is not even a logical proposition. I did a little bit of research to see if what Comcare was saying was true, TL;DR: it isn't.
This little gem above came in an email sent to me by Comcare, where Comcare describes to me it is breaking the law. A Comcare employee named Sarah who works in the Statutory Oversight team, the team that is supposed to ensure that Comcare is following the law… does not know the law… don’t be a Sarah.
The Office of the Australian Information Commissioner
I spent 5 minutes searching the website of the Office of the Australian Information Commissioner (OAIC), and I immediately found information that discredits what Comcare is saying.
At this link to OAIC’s website, we can see what is meant by the APP 3 subclause 3.4(a) meaning of “Required or authorised by or under an Australian law or a court/tribunal order”.
As we can see above, OAIC very clearly states that “Nor can an act or practice rely solely on a general or incidental authority conferred upon an agency to do anything necessary or convenient for, or incidental to or consequential upon the specific functions and powers of the agency.”. Make no mistake about it, what OAIC is saying here is that section 70 of the SRC Act, a section which allows Comcare to do what is “necessary or convenient”, cannot be taken as authority to collect our sensitive information under APP 3 subclause 3.4(a).
OAIC also states that for Comcare to be “required” to collect our sensitive information, there must be words in the SRC Act that state Comcare must collect our information. Given the SRC Act does not contain any sections that specify Comcare must collect our information, it cannot be said that Comcare is required to collect our information. Comcare wants to collect our information, by choice, and as such, it requires our consent to do so.
For Comcare to be considered “authorised” to collect our information, there must be clear and direct language in the SRC Act that states Comcare may collect our information. Again, just as there is nothing specifying that Comcare must collect our information, equally, there is nothing specifying that Comcare may collect our information. Therefore, it cannot be said that Comcare is authorised.
OAIC cites the High Court case Coco vs The Queen (1994) as being the case law precedent which makes this finding.
As we can see, OAIC specifically discredits Comcare’s claim that section 70 of the SRC Act grants them authority to access our sensitive information. Comcare must obtain our consent first, and Comcare does not want to do so. It took me, not even kidding, 5 minutes of searching the OAIC website to prove Comcare wrong. I have advised Comcare they are wrong, and they offer no rebuttal, they just ignore me.
Comcare is breaking the law
Alright, so I have established that Comcare is breaching APP 3, but does this mean that Comcare is breaking the law? Well yes, it does mean this.
Section 15 of the Privacy Act 1988 states:
As we can see, “An APP entity must not do an act, or engage in a practice, that breaches an Australian Privacy Principle”. This is not ambiguous law, it is clear that if Comcare breaches an APP, it does so contrary to section 15 and is therefore found to be breaking the law.
I have just demonstrated to you that Comcare is breaking the law, but the government does not care. The Australian Government makes laws, and it expects us to follow these laws, but as soon as these laws become inconvenient to the government, it just breaks the law to suit itself. How can it be said that this is appropriate conduct by our government?
It has been brought to my attention by another member of the public, that APP 3 contains subclause 3.5.
It cannot be said that deliberately hiding the fact you are collecting our information (which is a breach of APP 5) and ignoring our express wishes to seek consent from us first, is lawful or fair. It is neither of those things.
I have been making sure that I post this law breaking in comments on the platform X, to bring this to the attention of politicians, I have tried to raise this with OAIC, the Ombudsman, nobody is able to give me a coherent response or reason as to why Comcare is allowed to break the law like this, they just defend Comcare because “it is the government and the government can just do whatever it likes”. Apparently, the government does not have to follow the law that it makes.
I have been pointing this out to Comcare, and Comcare’s response is to take petty and punitive actions upon me. It has lied to ACT police, told them I am threatening their staff (I am not), and sent the police to my house. Comcare is operating entirely in bad faith. Instead of addressing their lawbreaking and fixing what they are doing, Comcare is going down a path of trying to execute revenge on me because I am calling them out on their lawbreaking. It must be said, however, I will not be deterred. I have absolutely no time for a government that breaks its own laws, I will never be silenced for speaking up about this.